core/src/features/admin/protect.js

import { getSession } from '@zen/core/features/auth/actions';
import { hasPermission, PERMISSIONS } from '@zen/core/users';
import { redirect } from 'next/navigation';

export async function protectAdmin({ redirectTo = '/auth/login', forbiddenRedirect = '/' } = {}) {
  const session = await getSession();
  if (!session) redirect(redirectTo);

  const allowed = await hasPermission(session.user.id, PERMISSIONS.ADMIN_ACCESS);
  if (!allowed) redirect(forbiddenRedirect);

  return session;
}

export async function isAdmin() {
  const session = await getSession();
  if (!session) return false;
  return hasPermission(session.user.id, PERMISSIONS.ADMIN_ACCESS);
}